08-09-2004 10:54 AM - edited 02-21-2020 01:17 PM
Hi there,
My VPN 3030 Concentrator is behind a firewall. The firewall performs static NAT for the real IP of the Concentrator's public interface.
I am testing SSL VPN now. When I use my remote laptop to access the Concentrator's NATed public IP, the browser gives me a warning saying that the certificate does not match. This is because the self-signed certificate from the Concentrator has the real IP in it, but I am using the NATed IP to access it from outside. What would be my options to eliminate this warning message?
If I use a VeriSign certificate instead of the self-signed one from the Concentrator itself, would it resolve my issue?
Thanks.
-Raymond Ng (sactoraymond@yahoo.com)
08-09-2004 12:56 PM
What does the error say specifically? It is likely in regard to a self-signed certificate, as opposed to anything to do with IP addresses.
You can package the server cert that signed the concentrator's cert and install it on client machines, such that they would thenceforth trust it. Or a major certificate authority would work (VeriSign, etc.).
08-09-2004 01:54 PM
The error message is from the web browser. Basically, it states that the cert was issued to a device with IP 192.168.25.1, but you are now accessing this device via A.A.A.A (public routable IP NATed by our firewall).
The cert is a self-signed cert that was created automatically when the concentrator booted. I guess if I buy an SSL cert from VeriSign, it may solve my problem?
08-16-2004 08:21 AM
Hi,
I have the same problem with the WebVPN feature on a 3005 VPN Con.
The customer uses a DNS name to reach the VPN Con., but the self-signed certificate carries the IP address, not the DNS name.
When we try to connect, there's always the warning message that the entered name is not the same as in the certificate.
I tried it with the Enroll feature under the public interface in Certificate Manager, but if I install the certificate (with the FQDN [xxx.yyy.com]) of my IP address in the internet, the device stops routing on this interface.
We have our own CA and the certificates are valid. But they don't work on the public and private interfaces of the 3005 VPN Con.
Anyone tried that out, any suggestions?
Thanks
-Markus
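
Added example, not part of the thread or of any Cisco code: a simplified Python model of the two independent checks a browser applies, run against the situations described above (a cert naming 192.168.25.1 reached through a NATed address, and a cert naming an FQDN). The dict layout follows Python's `ssl.getpeercert()`; `203.0.113.10` and `vpn.example.com` are constructed placeholders, and the commonName fallback for IP addresses is an assumption that mirrors the behaviour reported in the thread (current browsers rely on subjectAltName).

```python
import ipaddress

def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def cert_names(cert):
    """Return (dns, ips); subjectAltName wins, commonName is the legacy fallback."""
    san = cert.get("subjectAltName", ())
    dns = [v.lower() for k, v in san if k == "DNS"]
    ips = [v for k, v in san if k == "IP Address"]
    if not san:
        for rdn in cert.get("subject", ()):
            for key, value in rdn:
                if key == "commonName":
                    (ips if _is_ip(value) else dns).append(value.lower())
    return dns, ips

def _dns_match(pattern, host):
    p, h = pattern.split("."), host.lower().rstrip(".").split(".")
    # A wildcard may only stand for the whole leftmost label.
    return len(p) == len(h) and p[0] in ("*", h[0]) and p[1:] == h[1:]

def name_matches(cert, accessed):
    """True if the address typed into the browser is named in the cert."""
    dns, ips = cert_names(cert)
    if _is_ip(accessed):
        want = ipaddress.ip_address(accessed)
        return any(ipaddress.ip_address(i) == want for i in ips)
    return any(_dns_match(p, accessed) for p in dns)

def warnings_for(cert, accessed, issuer_trusted):
    """Trust in the issuer and the name check are independent tests."""
    found = [] if issuer_trusted else ["untrusted issuer"]
    if not name_matches(cert, accessed):
        found.append("name mismatch")
    return found

# Constructed sample data: 192.168.25.1 is the address quoted in the thread;
# 203.0.113.10 and vpn.example.com are placeholders for the NATed IP and FQDN.
SELF_SIGNED = {"subject": ((("commonName", "192.168.25.1"),),)}
CA_ISSUED = {"subjectAltName": (("DNS", "vpn.example.com"),)}

if __name__ == "__main__":
    print(warnings_for(SELF_SIGNED, "203.0.113.10", issuer_trusted=True))
    print(warnings_for(CA_ISSUED, "vpn.example.com", issuer_trusted=True))
```

In this model, a trusted issuer clears only the first warning; the second clears only when the name in the certificate is the name or address clients actually connect to, which is why a certificate issued to a DNS name is unaffected by NAT.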